Merge branch 'maint'

* maint: ssl: Fix renegotiation testcases ssl: Fix failing rizzo testcases ssl: Use IPv4 addresses with openssl s_client ssl: Use sha256 in test certificates if supported Change-Id: I8a604d607333d029b170e3d3ad31ea01890202ea
author: Péter Dimitrov <[email protected]> 2019-02-14 11:08:56 +0100
committer: Péter Dimitrov <[email protected]> 2019-02-14 11:08:56 +0100
commit: 2d04d0459d6f8e474a674f1c1022826147c27090 (patch)
tree: f4c4031c23697e11e38232d21613087d2c496efc
parent: b2692ec96be038164f5c4dac93e68675bc42052f (diff)
parent: 29534be6b43a9f0892996efd618dfe948fac8ded (diff)
download: otp-2d04d0459d6f8e474a674f1c1022826147c27090.tar.gz
otp-2d04d0459d6f8e474a674f1c1022826147c27090.tar.bz2
otp-2d04d0459d6f8e474a674f1c1022826147c27090.zip
3 files changed, 35 insertions, 3 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 0a9a27c109..bcb1f4f4fd 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -4066,6 +4066,9 @@ rizzo_one_n_minus_one(Config) when is_list(Config) ->
                                          {cipher, 
                                           fun(rc4_128) ->
                                                   false;
+                                             %% TODO: remove this clause when chacha is fixed!
+                                             (chacha20_poly1305) ->
+                                                  false;
                                              (_) -> 
                                                   true 
                                           end}]),
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index f8b60c5edf..b350dabcaf 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -864,7 +864,8 @@ make_rsa_cert(Config) ->
 	    Config
     end.
 appropriate_sha(CryptoSupport) ->
-    case proplists:get_bool(sha256, CryptoSupport) of
+    Hashes = proplists:get_value(hashs, CryptoSupport),
+    case lists:member(sha256, Hashes) of
 	true ->
 	    sha256;
 	false ->
@@ -1111,11 +1112,11 @@ start_client(openssl, Port, ClientOpts, Config) ->
     CA = proplists:get_value(cacertfile, ClientOpts),
     Version = ssl_test_lib:protocol_version(Config),
     Exe = "openssl",
-    Args = ["s_client", "-verify", "2", "-port", integer_to_list(Port),
+    Args0 = ["s_client", "-verify", "2", "-port", integer_to_list(Port),
 	    ssl_test_lib:version_flag(Version),
 	    "-cert", Cert, "-CAfile", CA,
 	    "-key", Key, "-host","localhost", "-msg", "-debug"],
-
+    Args = maybe_force_ipv4(Args0),
     OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args), 
     true = port_command(OpenSslPort, "Hello world"),
     OpenSslPort;
@@ -1129,6 +1130,18 @@ start_client(erlang, Port, ClientOpts, Config) ->
 			       {mfa, {ssl_test_lib, check_key_exchange_send_active, [KeyEx]}},
 			       {options, [{verify, verify_peer} | ClientOpts]}]).
 
+%% Workaround for running tests on machines where openssl
+%% s_client would use an IPv6 address with localhost. As
+%% this test suite and the ssl application is not prepared
+%% for that we have to force s_client to use IPv4 if
+%% OpenSSL supports IPv6.
+maybe_force_ipv4(Args0) ->
+    case is_ipv6_supported() of
+        true ->
+            Args0 ++ ["-4"];
+        false ->
+            Args0
+    end.
 
 start_client_ecc(erlang, Port, ClientOpts, Expect, ECCOpts, Config) ->
     {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
@@ -1692,6 +1705,17 @@ active_once_disregard(Socket, N) ->
             ssl:setopts(Socket, [{active, once}]),
             active_once_disregard(Socket, N-byte_size(Bytes))
     end.
+
+is_ipv6_supported() ->
+    case os:cmd("openssl version") of
+        "OpenSSL 0.9.8" ++ _ -> % Does not support IPv6
+            false;
+        "OpenSSL 1.0" ++ _ ->   % Does not support IPv6
+            false;
+        _ ->
+            true
+    end.
+
 is_sane_ecc(openssl) ->
     case os:cmd("openssl version") of
 	"OpenSSL 1.0.0a" ++ _ -> % Known bug in openssl
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index 87a1edfd96..df84411b6d 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -1946,6 +1946,11 @@ erlang_ssl_receive(Socket, Data) ->
     ct:log("Connection info: ~p~n",
 		       [ssl:connection_information(Socket)]),
     receive
+        {ssl, Socket, "R\n"} ->
+            %% Swallow s_client renegotiation command.
+            %% openssl s_client connected commands can appear on
+            %% server side with some openssl versions.
+            erlang_ssl_receive(Socket,Data);
 	{ssl, Socket, Data} ->
 	    io:format("Received ~p~n",[Data]),
 	    %% open_ssl server sometimes hangs waiting in blocking read
author	Péter Dimitrov <[email protected]>	2019-02-14 11:08:56 +0100
committer	Péter Dimitrov <[email protected]>	2019-02-14 11:08:56 +0100
commit	2d04d0459d6f8e474a674f1c1022826147c27090 (patch)
tree	f4c4031c23697e11e38232d21613087d2c496efc
parent	b2692ec96be038164f5c4dac93e68675bc42052f (diff)
parent	29534be6b43a9f0892996efd618dfe948fac8ded (diff)
download	otp-2d04d0459d6f8e474a674f1c1022826147c27090.tar.gz otp-2d04d0459d6f8e474a674f1c1022826147c27090.tar.bz2 otp-2d04d0459d6f8e474a674f1c1022826147c27090.zip